Overview
What is CrowdStrike Falcon?
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature-free updating. Additionally, the available Falcon Spotlight module delivers vulnerability assessment with no performance impact, no additional agents,…
Best EDR Tool
CrowdStrike Falcon: The most balanced and feature-rich XDR
Great EDR for companies
After using CrowdStrike Falcon for one year, here is what I learned…
Great all round endpoint protection solution
beyond the F1 sponsor, it's best in breed EDR
Excellent purchase not once regretted it.
We can investigate/remediate and run scripts when we suspect …
CrowdStrike Falcon Complete has been nothing short of awesome!
A Comprehensive Look at the Fabulous EDR CrowdStrike Falcon
CrowdStrike Falcon review for companies
Fantastic reduction in EDR operations
Great product, great performance, you get what you pay for (not cheap but worth it)
We were using another solution and we were forced …
The do everything endpoint protection tool
- Default endpoint protection tool on all servers and laptops.
- Laptop local firewall and device lockdown (USB drives blocked)
- Spotlight
- …
Strengthening cyber defenses with CrowdStrike Falcon
How CrowdStrike Falcon Differs From Its Competitors
Consolidation of Tools
- ThousandEyes Endpoint tool was replaced by a combination of CrowdStrike Falcon and Workspace ONE, as it was redundant.
- HaveIBeenPwned API subscription was removed as CrowdStrike Falcon Exposure …
Breadth of Solutions
- Protecting endpoints from all kinds of host/network-based threats.
- Keeping an eye on what applications users are installing, and removing them if they violate compliance.
- Discovering exposed user information on …
Consolidation of Tools
Our tech stack is rather layered, to say the least; it is better than to rely on a …
Breadth of Solutions
CrowdStrike Falcon has provided us with the opportunity to integrate our security team into different clusters, i.e. not …
Consolidation of Tools
But we are …
Breadth of Solutions
We have been lucky to have a decent security budget and headcount, but also efficient in exploiting the security arsenal that we are provided with.
As long as I have been with …
Introduction to CrowdStrike
Awards
Popular Features
- Endpoint Detection and Response (EDR): 9.3 (75 ratings), 93%
- Malware Detection: 9.2 (75 ratings), 92%
- Infection Remediation: 8.8 (73 ratings), 88%
- Centralized Management: 8.6 (76 ratings), 86%
Reviewer Pros & Cons
Pricing
Falcon Pro: $6.99
Falcon Enterprise: $14.99
Falcon Premium: $17.99
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Endpoint Security
Endpoint security software protects enterprise connected devices from malware and cyber attacks.
- Anti-Exploit Technology: 8.8 (69 ratings)
In-memory and application layer attack blocking (e.g. ransomware)
- Endpoint Detection and Response (EDR): 9.3 (75 ratings)
Continuous monitoring and response to advanced internet threats by endpoint agents.
- Centralized Management: 8.6 (76 ratings)
Centralized management supporting multi-factor authentication, customized views, and role-based access control.
- Hybrid Deployment Support: 8.2 (4 ratings)
Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.
- Infection Remediation: 8.8 (73 ratings)
Capability to quarantine infected endpoints and terminate malicious processes.
- Vulnerability Management: 8.2 (57 ratings)
Vulnerability prioritization for fixes.
- Malware Detection: 9.2 (75 ratings)
Detection and blocking of zero-day file and fileless malware.
Product Details
CrowdStrike Falcon Features
Endpoint Security Features
- Supported: Anti-Exploit Technology
- Supported: Endpoint Detection and Response (EDR)
- Supported: Centralized Management
- Supported: Infection Remediation
- Supported: Vulnerability Management
- Supported: Malware Detection
CrowdStrike Falcon Integrations
- Akamai Enterprise Application Access
- Cloudflare
- Attivo ThreatDefend Detection & Response Platform (a brand)
- Exabeam Fusion
- Splunk Enterprise Security (ES)
- Sumo Logic
- Swimlane
- AttackIQ Security Optimization Platform
- EclecticIQ Platform
- IntSights Cyber Intelligence, from Rapid7
- ThreatConnect SOAR (discontinued)
- Armis
- The Forescout Platform
- Claroty
- ThreatQuotient
- Panther
- Forescout
- Illusive Networks
- Netskope
- Okta
- Proofpoint
- Vectra
- zscaler
- ExtraHop
- Mimecast
- ServiceNow
- IBM Resilient Security Orchestration, Automation and Response (SOAR)
- Arcsight Interset
- DF Labs
- LogRhythm
- Securonix
- Anomali
- Centripetal
- King & Union
- ThreatStop
- Dragos
- Medigate
CrowdStrike Falcon Technical Details
| Attribute | Details |
|---|---|
| Deployment Types | On-premise, Software as a Service (SaaS), Cloud, or Web-Based |
| Operating Systems | Windows, Linux, Mac |
| Mobile Application | Apple iOS, Android |
| Supported Languages | English, Japanese |
Reviews and Ratings
Attribute Ratings (240)
Reviews (1-25 of 37)
Why CrowdStrike
- Protects our endpoints
- Provide data that is actionable
- Comprehensive toolset
- Better looking dashboard - better graphics
- Better reporting capabilities
The reporting and dashboards could be improved to provide more clarity and ease of understanding of the metrics
- The detection in CrowdStrike Falcon is quite accurate. Based on how we configured it, we do get false positives, but in my experience it has barely missed anything that is confirmed malicious. The way it understands the context of an artifact and classifies it as benign or malicious is brilliant.
- CrowdStrike Falcon Real-Time-Response console is very powerful and usable too. It doesn't feel much different whether the endpoint that is being remote-accessed is using Mac, Linux, or Windows. It is quite resilient to spotty connections too.
- The agents installed on the machines are quite silent and can be set to be unobtrusive, both in terms of computation and notifications to the user.
- The interoperability with other AVs or EDRs is amazing too. I have seen many instances where it worked together so well without contradicting that it was hard to remember the existence of the second EDR. It only fired up when the second EDR tried to access some sensitive locations.
- The UI, although a little complicated, got many things right. It handles large amounts of asset information quite comfortably. It doesn't lag or freeze the browser on a regular computer either.
- CrowdStrike Falcon keeps on changing the UI of the Falcon Management Console quite frequently. It is very hard to create instructional documents as they get deprecated that fast.
- They lack some basic AV features like running an On-Demand Scan for anything other than some Windows versions.
- The alerts, especially the Machine Learning ones, sometimes give too much information to investigate and don't point out what in particular is suspicious. It causes us to waste time looking up hundreds of DNS entries, IPs, etc. to find the culprit.
- They don't have a manual way of quarantining a file which is again basic.
- The behavior-based rule creation has a sharp learning curve as it is based on the LogScale/Humio query language. It needs a good query builder.
It is not so well suited for small companies with a small security team, as it has too many features to manage and is mostly overkill, since it will only operate on a small asset set. Plus it is not cheap. It is also not suited for companies that do large-scale development and testing involving network access or file manipulation in their environment, simply because the policy options aren't very granular to tune accordingly. Cortex is definitely better in that aspect.
- Compliance Audit
- End user security
- Data protection
- The user interface can be challenging to navigate from time to time until you get the hang of it.
Great all round endpoint protection solution
- Detecting suspect activity at the endpoint
- Stopping potentially damaging network activity by isolating an endpoint
- Tracing activity throughout the network to assist with investigation and remediation
- Limitations in ability to make detailed rulesets to address edge cases
- False positives continue to be an issue
- Can be noisy leading to alert fatigue
beyond the F1 sponsor, it's best in breed EDR
- better intrusion detection of external devices
- better dash board
- provides suggested best practices for people to follow
- the granularity of role permissions
Excellent purchase not once regretted it.
We can investigate/remediate and run scripts when we suspect any anomalies on the network. Using event search we are able to analyse events and devices on the network. We have an easy way of finding EOL devices through the asset dashboard. I can analyse user accounts and ensure that there are no strange accounts with passwords over the set period.
- Event Search
- Searching for unmanaged assets
- Tagging for easier searching
- Providing details on devices such as recently connected users and previously connected networks.
- UI is cumbersome at times
- Dashboard occasionally takes a while to load
- Support is somewhat delayed
Our organization, a university where thousands of students and hundreds of staff turn up daily, has its critical assets at risk of being compromised by an insider. CrowdStrike Falcon helps us identify the source of a threat accurately and blocks the triggering file or script before it can cause damage. The AI / ML based detections are very helpful because they catch threats that other vendors may fail to catch. The scope of our use case is endpoint monitoring and threat management.
- AI / ML based malicious activity detections
- Detection information presented clearly and concisely on dashboard
- Easy filtering of detections on hostname, detection name, severity, date, time, hash, technique, etc.
- Traces the full process chain instead of just showing the source file or script, which really helps in tracing the main security concern on a machine.
- If some malicious app uses Microsoft's signed binaries like OneDrive, cmd, or wscript, CrowdStrike would tag the Microsoft binary as malicious and fail to provide the actual file that tried to execute these.
- For example, if malware.exe tries to run the command cmd /c bitsadmin, CrowdStrike would tag cmd or bitsadmin as malicious and sometimes does not mention malware.exe at all.
- There are two different dashboards (updated and deprecated), which causes confusion among my team; all must be on the same page and use a single dashboard.
- Support is very slow in responding to problems and depends on automated bots, which is really frustrating when a major issue arises.
CrowdStrike Falcon may be less appropriate for smaller organizations due to its cost, also a technical support team is required to install / remove agents from machines and monitor the dashboard for detections daily.
Fantastic reduction in EDR operations
- Prompt response
- Reliable follow up
- High detection ability
- Enhancement of Japanese language
- Screen configuration that requires no screen transitions as much as possible
Strengthening cyber defenses with CrowdStrike Falcon
- CrowdStrike Falcon's next-gen endpoint protection consistently outperforms traditional solutions.
- The cloud-native architecture ensures seamless scalability and real-time updates, eliminating the need for manual interventions.
- CrowdStrike Falcon's threat intelligence and hunting capabilities are unparalleled.
- The advanced features may pose a learning curve for users unfamiliar with modern cybersecurity tools.
- A more transparent pricing model could assist in budget planning.
- Expanding compatibility with a broader range of security solutions would be advantageous.
CrowdStrike Falcon Review
- Detects suspicious activity
- Shows exact location and processes involved in suspicious activity
- Isolate computers with suspicious activity
- Setting up on MacOS was more complicated than expected (as kernel extensions were being phased out)
- Remediation is not always as automated as some other systems (e.g. Malware Bytes)
CrowdStrike real review.
- Malware detection.
- Bad behaviour detection.
- Support on old operating systems.
CrowdStrike Security made easy.
- MDR
- Vulnerability assessment.
- Identity Protection.
- Easier to use interface.
- Log management.
- Investigations
- Protection of end points.
- Protection of user identities.
- Providing quick response to any identified security issues.
- CrowdStrike can be on the more expensive side of end point and identity management, but it's worth it.
- Staff did a great job pointing our IT workers to areas that needed remediation.
- CrowdStrike Falcon Endpoint consistently blocks incursions from compromised websites and prevents PUPs from installing
- Complete Staff is very attentive and makes whitelist changes quickly which allows our staff to be productive.
- The Dashboard can become overwhelming at times, too much information to absorb
- Computers that may have made it out into the field without the endpoint sensor are very difficult to find
- As with all systems that rely on machine learning, false positives occur
Efficient and effective endpoint detection and response
- Efficiently picking up and preventing malware threats on endpoints
- Prompt notification capabilities on any issues
- Ability to "set and forget" with minimal maintenance required
- Falcon Spotlight integrations with automatic patching solution would be a good feature
- LogScale with SIEM functionalities would be an added feature
- Simplified one dashboard with all high-level information
Crowdstrike Falcon in Higher Ed
- Monitoring
- Notification
- Device Management
- Have an executive dashboard
- better reporting cadence
- ability to tag devices with end user names
Lightweight yet Robust Security Solution
- Host machine vulnerability detection
- Threat mitigation
- Activity monitoring
- Constantly releases alerts or notifications
- Behavioural analytics
- Endpoint manual scan
- Malware analysis needs improving
- Requires some level of expertise to use its features
However, CrowdStrike isn't your typical anti-virus solution; it does not provide you with the ability to control it manually like you would with some products out there.
On the best automated threat protection solution
- The Log analysis is very detailed and easy to use.
- Prevents and blocks all types of malware.
- Great threat intelligence which is very up-to-date with the recent cyber attacks
- very user friendly in access and management
- Automated feature of detecting, taking action and closing incidents using fusion workflow.
- The False positive alerts can be minimized
- The UI can be made better and easy to access.
- Customer support can be made better
CrowdStrike Falcon Complete - world-class EDR managed-service without the hefty price tag!
- Updates are seamless and rarely fail compared to past products
- The tool leverages the largest Cybersecurity threat database in the world
- The response to a potential threat or inquiry by the managed services team is lightning fast
- Extremely thorough responses from the managed services team on potential threats
- Onboarding quick and painless
- Sometimes updates to sensor versions fail, which requires manual intervention by internal staff members
- The variety of different administrative privilege levels is vast and sometimes confusing
- Proactive notifications confirming the health of the environment would be great instead of just reporting on potential issues
EDR as it should be
- We have very few false positives
- We are alerted when a script runs, such as a PowerShell command
- It blocks rogue software from running
- It looks for patterns such as items that spread
- More customizable dashboards for each admin user
With the majority of our users working in hybrid mode we needed a strong security control that could provide top-class protection with the minimum amount of False Positives (and, of course, of True Positives).
Falcon provides full visibility on processes, communication flows and all sorts of activities that are happening on the endpoints. It works smoothly with other tools that we have co-deployed, like DLP, DNS protection, SWG/CASB, App monitoring and Control.
Recently we added to our arsenal the Identity Protection and the Cloud Protection modules, driven by the business needs to reduce the number of vendors, tools and dashboards while achieving maximum protection and synergy/consolidation.
We believe that as a company, Crowdstrike sits on top of the range of security vendors that we work with, has the right vision and keeps delivering excellence.
We are quite happy with their Customer Success Management and Support Services and look forward to trialling their new functions: LogScale and External Surface Risk Management.
- Endpoint Security
- Threat Detection, Protection, Reporting
- Malware Analysis
- Continuous fast delivery of new features and improvements
- Customer awareness, learning and support
- Device Control
- Identity Protection
- Identity Protection - plenty of small improvements which have been suggested by our side. Too long a list to mention them here. If needed, I can forward you the email/presentation sent for the occasion to the Production team.
- They recognised our contribution / remarks by providing a discount on the initial offer, which we were happy to accept.
- Our company went through an M&A with another pharmaceutical. Both companies had CrowdStrike EDR installed on endpoints, but on different tenants.
- Unfortunately there was no official technical solution for migrating the endpoints to a single tenant. We had to uninstall the existing agent from the acquired company and then reinstall it, which was laborious and time-consuming. I wish they had a solution for such cases :-)
- Attack Surface Management (demoed recently) doesn't seem to be fully matured yet, but they definitely are on a good path.
The learning curve is a bit steep, but if time can be dedicated to attending workshops and learning modules on CrowdStrike University, then 3-6 months is a realistic timeframe to yield the expected outcomes.
Clear blueprints for product rollout are provided to customers based on your specific environment.
- Firewall rules and policy that are cloud-managed is great to ensure devices are in compliance.
- Low engineering time spent after implementation, we don't have to babysit the product. It just works.
- Low amount of false positives.
- I would like an option to be able to scan files/folders. I understand, however, that this isn't really the way the product is designed and that it is designed around actively running processes. But it would be great to have a way to scan incoming media before loading it on our systems.
The perfect next generation firewall solution is here!
- Identify and remove 3rd party browsers like wave browser.
- Gives a single pane of glass to access details about a particular machine.
- Allows me to be able to stop a machine from accessing the internet once it is infected.
- Actively blocks and takes actions without me intervening.
- The dashboard can be overwhelming; it could be simplified more.
- Making the installer package easier to deploy remotely.
- It is hard to come up with these. The product is amazing.
- Detecting malicious endpoint behaviors
- Providing thorough, timely cyber threat intelligence
- Integrate effectively between modules and with other security platforms
- Event Search is built on Splunk which requires some SPL knowledge to be effective
- Detections sometimes lack important information (e.g. hash of payload vs. hash of executing application)
- Overlap between modules (e.g. Insight and Discover for login activity) isn't always presented in a unified/integrated way
- Protection against modern threats.
- Elimination of false positives.
- Very well-managed solution, the complete team is great to work with!
- Device control capabilities (USB device control) are easy to implement.
- The UI while very comprehensive is a bit cluttered.
- Could be a little more intuitive to set up device groups.
- A little clearer definition of what is available to admins in the complete offering would be nice.